Unencrypted MoviePass Database Exposes Sensitive Info From Thousands of Customers - MacRumors
Skip to Content

Unencrypted MoviePass Database Exposes Sensitive Info From Thousands of Customers

by

Struggling movie ticket subscription service MoviePass stored thousands of customer card numbers and personal credit cards in a database that was not protected with a password, reports TechCrunch.

The exposed database, which contained 161 million records, was discovered by Mossab Hussain, a Dubai-based security researcher. Many of the records in the database were computer-generated logging messages, but some also featured sensitive user information like MoviePass customer card numbers.

moviepass august 2018
MoviePass customer cards work like debit cards and are issued by Mastercard, allowing customers who sign up for MoviePass to use them to pay for the full cost of movie tickets.

In a sample of 1,000 records, TechCrunch found that a little over half contained unique MoviePass debit card numbers, expiration dates, and card balance. More than 58,000 records containing card data were found.

The unprotected MoviePass database also featured some customers' personal credit card numbers along with expiration dates, names, addresses, and other billing information. TechCrunch says that records contained enough information to allow someone to make fraudulent card purchases, though some records featured card numbers that were masked with the exception of the last four digits.

Email addresses and passwords related to failed login attempts were also found in the database.

We found hundreds of records containing the user's email address and presumably incorrectly typed password -- which was logged -- in the database. We verified this by attempting log into the app with an email address and password that didn't exist but only we knew. Our dummy email address and password appeared in the database almost immediately.

While Hussain contacted MoviePass CEO Mitch Lowe over the weekend, there was no response. MoviePass left the database online until Tuesday when TechCrunch contacted the company.

The database may have been accessible for months, but MoviePass did not respond to TechCrunch's questions about how long the server was exposed and whether it plans to disclose the incident to customers.

Hussain told TechCrunch that he questions why internal technical teams would be allowed to see critical data in plaintext, "let alone the fact that the dataset was exposed for public access by anyone."

Since its early 2018 launch, MoviePass has failed catastrophically. It ran out of money temporarily in mid-2018 because it was losing up to $40 million per month, and then began cutting back on the quality of service, limiting movie access, raising prices, and even temporarily shutting down.

Earlier this month, there were reports suggesting that MoviePass even went as far as changing the passwords of its most active users in an attempt to save money. Over the course of the last year, MoviePass has allegedly gone from three million subscribers to approximately 225,000.

Top Rated Comments

redneckitengineer Avatar
90 months ago
I jumped ship a LONG time ago when they started limiting and cutting. The funny thing, I haven't been back to the theaters once since. Greedy theaters that didn't want to partner lost all my business. Instead of being reasonable, they lost a lot more.
Score: 8 Votes (Like | Disagree)
KGBguy Avatar
90 months ago
Yep, this company is a total joke. I dumped them 2 months after getting it.
Score: 7 Votes (Like | Disagree)
CarlJ Avatar
90 months ago
Greedy theaters that didn't want to partner lost all my business. Instead of being reasonable, they lost a lot more.
Greedy theaters? Reasonable? MoviePass was selling you deeply discounted tickets that they were buying at full price, and your takeaway is that the tickets were overvalued? If I go bankrupt selling you dollar bills for 25 cents each, do you think that dollar bills are too expensive at normal prices, or that I had a terrible business plan.
Score: 4 Votes (Like | Disagree)
dannyyankou Avatar
90 months ago
Thank god I never took the bait and signed up for this cluster service.
Score: 4 Votes (Like | Disagree)
TMRJIJ Avatar
90 months ago
I honestly thought this company was dead already
Score: 2 Votes (Like | Disagree)
zorinlynx Avatar
90 months ago
Why does this company still exist? Shouldn't it be six feet under by now? How can a company be such a complete cluster-****, lose millions and millions of dollars, and still be around to lose control of customer data?

It's frustrating to see this happen while so many good people are scraping by.
Score: 1 Votes (Like | Disagree)

Popular Stories

iphone 16 teal

'Siri AI' Lawsuit Update: Apple to Pay Owners of These iPhone Models

Thursday July 9, 2026 7:08 am PDT by
In May, Apple agreed to pay $250 million to settle a U.S. class action lawsuit over Siri AI's delayed launch, and eligible iPhone users could receive up to a $95 payout. This week, the California court overseeing the case held a hearing regarding preliminary approval of the settlement, but the judge has not yet issued a ruling. It will likely be at least a few more months before eligible...
Apple TV Thumb 3

Everything Coming in the 2026 Apple TV 4K

Wednesday July 8, 2026 4:51 pm PDT by
The Apple TV 4K hasn't been updated since 2022, and it's due for a refresh. An update is planned for 2026, but Apple is likely going to wait to launch it after Siri AI launches in iOS 27. Design Apple TV design updates don't happen often, and that's not changing. The next Apple TV is going to have the same squircle shape as the current model, and it'll continue to be made from a black...
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 6 U.S. States

Thursday July 9, 2026 7:29 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. To set up the feature, open the Wallet app on the iPhone and tap on the plus sign in the top-right corner. Next, tap on Driver's License and ID Cards,...